Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.61...7.21.0-rc.62

• CVE-2026-33871, HTTP/2 CONTINUATION Frame Flood Denial of Service
• CVE-2026-33870, HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

• Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry lo… by @normanmaurer in https://github.com/netty/netty/pull/16248
• Make RefCntOpenSslContext.deallocate more robust (#16253) by @normanmaurer in https://github.com/netty/netty/pull/16257
• Update to gcc for arm 10.3-2021.07 (#16255) by @normanmaurer in https://github.com/netty/netty/pull/16263
• HTTP2: Correctly account for padding when decompress by @normanmaurer in https://github.com/netty/netty/pull/16265
• Update JDK versions to latest patch releases (#16254) by @normanmaurer in https://github.com/netty/netty/pull/16267
• Backport 4.1: Automatic backporting workflow from 4.1 to 4.2 by @github-actions[bot] in https://github.com/netty/netty/pull/16274
• Backport 4.1: Backport PRs must be created with personal access tokens by @chrisvest in https://github.com/netty/netty/pull/16277
• Backport 4.1: Add more porting workflows by @netty-project-bot in https://github.com/netty/netty/pull/16284
• Backport 4.1: Some polishing of the porting workflows by @netty-project-bot in https://github.com/netty/netty/pull/16292
• Backport 4.1: Fix high-order bit aliasing in HttpUtil.validateToken by @netty-project-bot in https://github.com/netty/netty/pull/16303
• Auto-port 4.1: Support more branch freedom for auto-porting by @netty-project-bot in https://github.com/netty/netty/pull/16310
• fix: the precedence of + is higher than >> (#16312) by @chrisvest in https://github.com/netty/netty/pull/16316
• AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater th… by @chrisvest in https://github.com/netty/netty/pull/16320
• Auto-port 4.1: Fix flaky PooledByteBufAllocatorTest by @netty-project-bot in https://github.com/netty/netty/pull/16324
• Auto-port 4.1: Fix pooled arena accounting tests by @netty-project-bot in https://github.com/netty/netty/pull/16326
• Auto-port 4.1: Fix RunInFastThreadLocalThreadExtension by @netty-project-bot in https://github.com/netty/netty/pull/16328
• Auto-port 4.1: AdaptivePoolingAllocator: call unreserveMatchingBuddy(...) if byteBuf initialization failed by @netty-project-bot in https://github.com/netty/netty/pull/16331
• Auto-port 4.1: Mark LoggingHandlerTest with @Isolated to fix flaky build by @netty-project-bot in https://github.com/netty/netty/pull/16340
• Auto-port 4.1: Fix flaky HTTP/2 test by @netty-project-bot in https://github.com/netty/netty/pull/16348
• Auto-port 4.1: Fix flaky RenegotiateTest by @netty-project-bot in https://github.com/netty/netty/pull/16355
• Auto-port 4.1: Fix HTTP/2 push frame test by @netty-project-bot in https://github.com/netty/netty/pull/16353
• SSL test: Don't depend on property value in test (#16346) by @normanmaurer in https://github.com/netty/netty/pull/16362
• Auto-port 4.1: Don't assume CertificateFactory is thread-safe by @netty-project-bot in https://github.com/netty/netty/pull/16364
• AdaptivePoolingAllocator: assign a more explicit value to BuddyChunk.freeListCapacity (#16334) by @chrisvest in https://github.com/netty/netty/pull/16368
• Auto-port 4.1: Add more diagnostic points to PooledByteBufAllocatorTest.createNewThr… by @netty-project-bot in https://github.com/netty/netty/pull/16372
• Fix leak in SniHandlerTest (#16367) by @normanmaurer in https://github.com/netty/netty/pull/16377
• Auto-port 4.1: Stabilize AbstractByteBufTest.testBytesInArrayMultipleThreads by @netty-project-bot in https://github.com/netty/netty/pull/16373
• Remove reference counting from size classed chunks (#16306) by @chrisvest in https://github.com/netty/netty/pull/16379
• Auto-port 4.1: Stabilize AbstractByteBufTest.testToStringMultipleThreads by @netty-project-bot in https://github.com/netty/netty/pull/16384
• Fix HttpObjectAggregator leaving connection stuck after 413 with AUTO… by @samlandfried in https://github.com/netty/netty/pull/16280
• Auto-port 4.1: Fix autoport fetching into the existing branch - again by @netty-project-bot in https://github.com/netty/netty/pull/16417
• Auto-port 4.1: Capture why threads get stuck in testCopyMultipleThreads0 by @netty-project-bot in https://github.com/netty/netty/pull/16419
• Auto-port 4.1: Remove unnecessary array access in DefaultAttributeMap.orderedCopyOnInsert by @netty-project-bot in https://github.com/netty/netty/pull/16421
• Auto-port 4.1: Whitelist JMH annotation processing in microbench module by @netty-project-bot in https://github.com/netty/netty/pull/16430
• Auto-port 4.1: HTTP2: Ensure preface is flushed in all cases by @netty-project-bot in https://github.com/netty/netty/pull/16432
• Auto-port 4.1: Fix UnsupportedOperationException in readTrailingHeaders by @netty-project-bot in https://github.com/netty/netty/pull/16437
• Auto-port 4.1: Fix client_max_window_bits parameter handling in permessage-deflate extension by @netty-project-bot in https://github.com/netty/netty/pull/16435
• Auto-port 4.1: Native transports: Fix possible fd leak when fcntl fails. by @netty-project-bot in https://github.com/netty/netty/pull/16446
• Auto-port 4.1: Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported by @netty-project-bot in https://github.com/netty/netty/pull/16448
• Auto-port 4.1: Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) by @netty-project-bot in https://github.com/netty/netty/pull/16459
• Auto-port 4.1: Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD by @netty-project-bot in https://github.com/netty/netty/pull/16456
• Auto-port 4.1: Epoll: Add null checks for safety reasons by @netty-project-bot in https://github.com/netty/netty/pull/16463
• Auto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to the same port by @netty-project-bot in https://github.com/netty/netty/pull/16464
• Auto-port 4.1: Epoll: Use correct value to initialize mmsghdr.msg_namelen by @netty-project-bot in https://github.com/netty/netty/pull/16467
• Auto-port 4.1: Epoll: Fix support for IP_RECVORIGDSTADDR by @netty-project-bot in https://github.com/netty/netty/pull/16468
• Auto-port 4.1: AdaptivePoolingAllocator: remove ensureAccessible() call in capacity(int) method by @netty-project-bot in https://github.com/netty/netty/pull/16475
• Auto-port 4.1: AdaptivePoolingAllocator: Fix assertion for size class multiple of 32 by @netty-project-bot in https://github.com/netty/netty/pull/16497
• Epoll: setTcpMg5Sig(...) might overflow (#16511) by @normanmaurer in https://github.com/netty/netty/pull/16520
• Auto-port 4.1: JdkZlibDecoder: accumulate decompressed output before firing channelRead by @netty-project-bot in https://github.com/netty/netty/pull/16532
• Limit the number of Continuation frames per HTTP2 Headers by @normanmaurer in https://github.com/netty/netty/pull/13969
• Stricter HTTP/1.1 chunk extension parsing by @chrisvest in https://github.com/netty/netty/pull/16537

• @github-actions[bot] made their first contribution in https://github.com/netty/netty/pull/16274
• @samlandfried made their first contribution in https://github.com/netty/netty/pull/16280

Full Changelog: https://github.com/netty/netty/compare/netty-4.1.131.Final...netty-4.1.132.Final

• CVE-2026-33871, HTTP/2 CONTINUATION Frame Flood Denial of Service
• CVE-2026-33870, HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

• Update to latest JDK 26 EA release by @normanmaurer in https://github.com/netty/netty/pull/16230
• HTTP3: Allow to support non-standard HTTP3 settings by @normanmaurer in https://github.com/netty/netty/pull/16171
• Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop by @adwsingh in https://github.com/netty/netty/pull/16245
• Allocate one large segment and slice for each MsgHdrMemory by @dreamlike-ocean in https://github.com/netty/netty/pull/16234
• Make RefCntOpenSslContext.deallocate more robust by @chrisvest in https://github.com/netty/netty/pull/16253
• Epoll: Fix excessive CPU usage when Channel is only registered but no… by @normanmaurer in https://github.com/netty/netty/pull/16250
• Update to gcc for arm 10.3-2021.07 by @m1ngyuan in https://github.com/netty/netty/pull/16255
• Add acmeIdentifier extension support to pkitesting by @chrisvest in https://github.com/netty/netty/pull/16256
• Update JDK versions to latest patch releases by @m1ngyuan in https://github.com/netty/netty/pull/16254
• Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by @doom369 in https://github.com/netty/netty/pull/16241
• Automatic backporting workflow from 4.1 to 4.2 by @chrisvest in https://github.com/netty/netty/pull/16269
• Revert "Automatic backporting workflow from 4.1 to 4.2" by @chrisvest in https://github.com/netty/netty/pull/16270
• HTTP2: Correctly account for padding when decompress by @normanmaurer in https://github.com/netty/netty/pull/16264
• Automatic backporting workflow from 4.1 to 4.2 by @chrisvest in https://github.com/netty/netty/pull/16271
• Automatic backporting workflow from 4.1 to 4.2 by @chrisvest in https://github.com/netty/netty/pull/16273
• Backport PRs must be created with personal access tokens by @chrisvest in https://github.com/netty/netty/pull/16276
• Expose QuicSslContextBuilder::sni by @ZeroErrors in https://github.com/netty/netty/pull/16178
• Add more porting workflows by @chrisvest in https://github.com/netty/netty/pull/16275
• Add more porting workflows by @chrisvest in https://github.com/netty/netty/pull/16283
• Remove the unpooled allocator from test permutations by @chrisvest in https://github.com/netty/netty/pull/16282
• Some polishing of the porting workflows by @chrisvest in https://github.com/netty/netty/pull/16288
• Allow to set destination connection id when creating a client side QuicheChannel by @normanmaurer in https://github.com/netty/netty/pull/16286
• Update to latest JDK26 EA build by @normanmaurer in https://github.com/netty/netty/pull/16295
• Add javadoc to clarify responsibility of the user when generating the remote connection id by @normanmaurer in https://github.com/netty/netty/pull/16293
• Make the build run faster by @chrisvest in https://github.com/netty/netty/pull/16290
• Fix IDE warnings in SslHandler by @doom369 in https://github.com/netty/netty/pull/16237
• Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by @doom369 in https://github.com/netty/netty/pull/16242
• Support boringssl SSLCredential API by @jmcrawford45 in https://github.com/netty/netty/pull/15919
• Fix high-order bit aliasing in HttpUtil.validateToken by @furkanvarol in https://github.com/netty/netty/pull/16279
• Improve multi-byte access performance when UNALIGNED availability is unknown by @Songdoeon in https://github.com/netty/netty/pull/16207
• Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by @doom369 in https://github.com/netty/netty/pull/16278
• Support more branch freedom for auto-porting by @chrisvest in https://github.com/netty/netty/pull/16300
• fix: the precedence of + is higher than >> by @cuiweixie in https://github.com/netty/netty/pull/16312
• AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by @laosijikaichele in https://github.com/netty/netty/pull/16309
• Fix flaky PooledByteBufAllocatorTest by @chrisvest in https://github.com/netty/netty/pull/16313
• Fix pooled arena accounting tests by @chrisvest in https://github.com/netty/netty/pull/16321
• Fix RunInFastThreadLocalThreadExtension by @chrisvest in https://github.com/netty/netty/pull/16314
• AdaptivePoolingAllocator: call unreserveMatchingBuddy(...) if byteBuf initialization failed by @laosijikaichele in https://github.com/netty/netty/pull/16327
• Recycler should not use thread locals unless they get cleaned up by @chrisvest in https://github.com/netty/netty/pull/16315
• OpenSSL: Don't leak OpenSslKeyManagerProvider on exception by @normanmaurer in https://github.com/netty/netty/pull/16337
• IoUring: Only complete deregistration promise once we received all co… by @normanmaurer in https://github.com/netty/netty/pull/16330
• Mark LoggingHandlerTest with @Isolated to fix flaky build by @normanmaurer in https://github.com/netty/netty/pull/16338
• Fix flaky HTTP/2 test by @chrisvest in https://github.com/netty/netty/pull/16342
• Fix HTTP/2 push frame test by @chrisvest in https://github.com/netty/netty/pull/16343
• Fix flaky RenegotiateTest by @chrisvest in https://github.com/netty/netty/pull/16351
• IoUring: Don't use RDHUP for non stream Channel implementations by @normanmaurer in https://github.com/netty/netty/pull/16345
• SSL test: Don't depend on property value in test by @normanmaurer in https://github.com/netty/netty/pull/16346
• Fix flaky AbstractSingleThreadEventLoopTest by @chrisvest in https://github.com/netty/netty/pull/16352
• Use headers.setInt() in HttpObjectAggregator instead of set() and use concrete version of String.valueOf in CharSequenceValueConverter by @doom369 in https://github.com/netty/netty/pull/16239
• IoUring: Fix buffer leak in DatagramChannel implementation when recv … by @normanmaurer in https://github.com/netty/netty/pull/16359
• Don't assume CertificateFactory is thread-safe by @chrisvest in https://github.com/netty/netty/pull/16350
• AdaptivePoolingAllocator: assign a more explicit value to BuddyChunk.freeListCapacity by @laosijikaichele in https://github.com/netty/netty/pull/16334
• Fix leak in SniHandlerTest by @chrisvest in https://github.com/netty/netty/pull/16367
• Add more diagnostic points to PooledByteBufAllocatorTest.createNewThr… by @chrisvest in https://github.com/netty/netty/pull/16365
• Stabilize AbstractByteBufTest.testBytesInArrayMultipleThreads by @chrisvest in https://github.com/netty/netty/pull/16370
• Avoid unnecessary Long.toString() allocation in HttpObjectDecoder by @doom369 in https://github.com/netty/netty/pull/16344
• Remove reference counting from size classed chunks by @franz1981 in https://github.com/netty/netty/pull/16306
• Stabilize AbstractByteBufTest.testToStringMultipleThreads by @chrisvest in https://github.com/netty/netty/pull/16380
• Swap conditions to avoid native calls in ReferenceCountedOpenSslEngine.rejectRemoteInitiatedRenegotiation by @doom369 in https://github.com/netty/netty/pull/16389
• Remove duplicated contains calls in WebSockets by @doom369 in https://github.com/netty/netty/pull/16388
• IoUring: Reduce unnecessary io_uring_enter syscalls on non-blocking path by @dreamlike-ocean in https://github.com/netty/netty/pull/16259
• Fix NioIoHandlerTest on macOS by @chrisvest in https://github.com/netty/netty/pull/16396
• LocalChannel: Remove dependency on SingleThreadEventExecutor by @normanmaurer in https://github.com/netty/netty/pull/16393
• Fix autoport fetching into the existing branch by @chrisvest in https://github.com/netty/netty/pull/16403
• HTTP2: Pass the correct number of arguments when logging goaway by @normanmaurer in https://github.com/netty/netty/pull/16392
• Revert "Fix autoport fetching into the existing branch" by @chrisvest in https://github.com/netty/netty/pull/16410
• Fix HttpObjectAggregator leaving connection stuck after 413 with AUTO (#16280) by @chrisvest in https://github.com/netty/netty/pull/16401
• Fix autoport fetching into the existing branch - again by @chrisvest in https://github.com/netty/netty/pull/16411
• Fix typo in AbstractEpollChannel: 'inital' → 'initial' by @nikitanagar08 in https://github.com/netty/netty/pull/16415
• Capture why threads get stuck in testCopyMultipleThreads0 by @chrisvest in https://github.com/netty/netty/pull/16404
• Local transport: shutdown hook should call closeNow to be conistent with what LocalIoHandler will call by @normanmaurer in https://github.com/netty/netty/pull/16406
• Remove unnecessary array access in DefaultAttributeMap.orderedCopyOnInsert by @doom369 in https://github.com/netty/netty/pull/16386
• Whitelist JMH annotation processing in microbench module by @laosijikaichele in https://github.com/netty/netty/pull/16428
• Fire the QuicChannel datagram extension event before the channel becomes active by @vietj in https://github.com/netty/netty/pull/16425
• HTTP2: Ensure preface is flushed in all cases by @normanmaurer in https://github.com/netty/netty/pull/16407
• Support QuicheQuicSslEngine hostname identification algorithm. by @vietj in https://github.com/netty/netty/pull/16426
• Fix client_max_window_bits parameter handling in permessage-deflate extension by @nikitanagar08 in https://github.com/netty/netty/pull/16424
• Fix UnsupportedOperationException in readTrailingHeaders by @furkanvarol in https://github.com/netty/netty/pull/16412
• IoUring: Fix io_uring writev infinite loop on kernels without SENDMSG_ZC support by @dreamlike-ocean in https://github.com/netty/netty/pull/16438
• Kqueue: Correctly handle registrations by @normanmaurer in https://github.com/netty/netty/pull/16439
• Kqueue: Correctly use KqueueIoOps.data() when update change list by @normanmaurer in https://github.com/netty/netty/pull/16440
• Native transports: Fix possible fd leak when fcntl fails. by @normanmaurer in https://github.com/netty/netty/pull/16442
• Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported by @normanmaurer in https://github.com/netty/netty/pull/16441
• AbstractByteBuf._internalNioBuffer() might throw exception by @normanmaurer in https://github.com/netty/netty/pull/16423
• Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD by @normanmaurer in https://github.com/netty/netty/pull/16450
• Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) by @normanmaurer in https://github.com/netty/netty/pull/16451
• Epoll: Add null checks for safety reasons by @normanmaurer in https://github.com/netty/netty/pull/16454
• DnsNameResolver: Skip test if we can not bind TCP and UDP to the same port by @normanmaurer in https://github.com/netty/netty/pull/16455
• Epoll: Use correct value to initialize mmsghdr.msg_namelen by @normanmaurer in https://github.com/netty/netty/pull/16460
• Epoll: Fix support for IP_RECVORIGDSTADDR by @normanmaurer in https://github.com/netty/netty/pull/16461
• Make unpooled buffers avoid shared arenas by @chrisvest in https://github.com/netty/netty/pull/16443
• Kqueue: Add testsuite on macOS during PR validation by @normanmaurer in https://github.com/netty/netty/pull/15159
• AdaptivePoolingAllocator: remove ensureAccessible() call in capacity(int) method by @laosijikaichele in https://github.com/netty/netty/pull/16473
• Epoll: Remove outdated docs about usage of edge-triggered by @normanmaurer in https://github.com/netty/netty/pull/16478
• IoUring: Correctly unregister native functions on OnLoad failure by @normanmaurer in https://github.com/netty/netty/pull/16487
• QUIC: Correctly handle selection of alpn protos by @normanmaurer in https://github.com/netty/netty/pull/16484
• QUIC: Correctly handle malloc errors during ssl context creation by @normanmaurer in https://github.com/netty/netty/pull/16483
• QUIC: Don'l leak memory when context is detroyed by @normanmaurer in https://github.com/netty/netty/pull/16481
• Quic: Fix global reference leak by @normanmaurer in https://github.com/netty/netty/pull/16480
• Log value of io.netty.ignoreExpensiveClean property during initialization by @normanmaurer in https://github.com/netty/netty/pull/16479
• Cleanup: Fix typo in method name by @normanmaurer in https://github.com/netty/netty/pull/16477
• AdaptivePoolingAllocator: Fix assertion for size class multiple of 32 by @laosijikaichele in https://github.com/netty/netty/pull/16474
• ByteBufAllocatorAllocPatternBenchmark: Fix case sensitivity in benchmark method name check by @laosijikaichele in https://github.com/netty/netty/pull/16482
• Avoid unpooled allocator in CloseWebSocketFrame by @Munoon in https://github.com/netty/netty/pull/16486
• IoUring: Correctly handle the case when malloc fails during probe by @normanmaurer in https://github.com/netty/netty/pull/16501
• IoUring: Correctly unload native stuff by @normanmaurer in https://github.com/netty/netty/pull/16502
• IoUring: Use correct errno value in exception by @normanmaurer in https://github.com/netty/netty/pull/16500
• IoUring: Use more correct bitmask check by @normanmaurer in https://github.com/netty/netty/pull/16507
• IoUring: Correctly handle return value of sys_io_uring_register(...) while register und unregister buffer ring by @normanmaurer in https://github.com/netty/netty/pull/16508
• IoUring: Add NULL check for GetStringUTFChars(...) by @normanmaurer in https://github.com/netty/netty/pull/16509
• Reduce allocations in WebSocketServerHandshaker13 by @doom369 in https://github.com/netty/netty/pull/16505
• Epoll / IoUring: setTcpMg5Sig(...) might overflow by @normanmaurer in https://github.com/netty/netty/pull/16511
• Fix docker image for cross-compiling by @normanmaurer in https://github.com/netty/netty/pull/16522
• Replace ClosedChannelException with StacklessClosedChannelException by @Munoon in https://github.com/netty/netty/pull/16506
• Allocate less in QueryStringDecoder.addParam for typical use case by @doom369 in https://github.com/netty/netty/pull/16527
• Enforce io.netty.maxDirectMemory accounting on all Java versions by @j-bahr in https://github.com/netty/netty/pull/16489
• JdkZlibDecoder: accumulate decompressed output before firing channelRead by @franz1981 in https://github.com/netty/netty/pull/16510
• Eliminate redundant bounds checks in CompositeByteBuf accessors by @franz1981 in https://github.com/netty/netty/pull/16525
• Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers by @netty-project-bot in https://github.com/netty/netty/pull/16536

• @jmcrawford45 made their first contribution in https://github.com/netty/netty/pull/15919
• @furkanvarol made their first contribution in https://github.com/netty/netty/pull/16279
• @Songdoeon made their first contribution in https://github.com/netty/netty/pull/16207
• @cuiweixie made their first contribution in https://github.com/netty/netty/pull/16312
• @nikitanagar08 made their first contribution in https://github.com/netty/netty/pull/16415

Full Changelog: https://github.com/netty/netty/compare/netty-4.2.10.Final...netty-4.2.11.Final

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.60...7.21.0-rc.61

• build(deps): bump the github-actions group across 1 directory with 4 updates by @dependabot[bot] in https://github.com/Activiti/Activiti/pull/5343

• AAE-43503 Update spring-security to 6.5.9 by @souvikpanda99 in https://github.com/Activiti/Activiti/pull/5344

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.59...7.21.0-rc.60

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.58...7.21.0-rc.59

• 28839ee: [dotnet][rb][java][js][py] Automated Browser Version Update (#17247) (Selenium CI Bot) #17247

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.57...7.21.0-rc.58

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.56...7.21.0-rc.57

Full Changelog: https://github.com/Activiti/Activiti/compare/7.21.0-rc.55...7.21.0-rc.56